ICALP 2014: Automata, Languages, and Programming pp 991-1002
Close to Uniform Prime Number Generation with Fewer Random Bits
Abstract
In this paper, we analyze several variants of a simple method for generating prime numbers with fewer random bits. To generate a prime p less than x, the basic idea is to fix a constant q ∝ x^{1−ε}, pick a uniformly random a < q coprime to q, and choose p of the form a + t·q, where only t is updated if the primality test fails. We prove that variants of this approach provide prime generation algorithms requiring few random bits and whose output distribution is close to uniform, under less and less expensive assumptions: first a relatively strong conjecture by H. Montgomery, made precise by Friedlander and Granville; then the Extended Riemann Hypothesis; and finally fully unconditionally using the Barban–Davenport–Halberstam theorem.
- it uses far fewer random bits than both the “trivial algorithm” (testing random numbers less than x for primality) and Maurer’s almost uniform prime generation algorithm;
- the distance of its output distribution to uniform can be made arbitrarily small, unlike algorithms like PRIMEINC (studied by Brandt and Damgård), which we show exhibit significant biases;
- all quality measures (number of primality tests, output entropy, randomness, etc.) can be obtained under very standard conjectures or even unconditionally, whereas most previous nontrivial algorithms can only be proved based on stronger, less standard assumptions like the Hardy–Littlewood prime tuple conjecture.
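The generator sketched in the abstract and the PRIMEINC bias mentioned in the second point, as an added example that is not code from the paper or its authors. It fixes a modulus q, draws a uniform a < q coprime to q, and then only redraws t for the candidates p = a + t·q, counting the random bits spent on candidate selection against the trivial generator; it also computes the exact output distribution of an idealized incremental-search generator, where each prime's probability is proportional to the gap before it. Everything beyond the abstract's description is an assumption of this example: q is taken as the largest primorial not exceeding x^{1−ε}, t is redrawn uniformly after each failed test, Miller–Rabin bases are not counted as random bits, PRIMEINC is modelled as stepping by 1 from a uniform start, and all function names (`generate_prime_a_tq`, `primeinc_output_distribution`, `compare`, ...) are hypothetical.

```python
"""Added example, not the paper's code: the a + t*q generator from the abstract with
random-bit accounting against the trivial generator, plus the exact output distribution
of an idealized PRIMEINC.  Assumptions made here: q is the largest primorial not
exceeding x^(1-eps); t is redrawn uniformly after each failed test; Miller-Rabin
bases are not counted as random bits; PRIMEINC steps by 1 from a uniform start."""
import math
import random
from dataclasses import dataclass
from fractions import Fraction

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]

def is_probable_prime(n, rng=None, rounds=40):
    """Trial division by SMALL_PRIMES, then Miller-Rabin with rng-chosen bases."""
    rng = rng or random.SystemRandom()
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        y = pow(rng.randrange(2, n - 1), d, n)
        if y in (1, n - 1):
            continue
        for _ in range(s - 1):
            y = y * y % n
            if y == n - 1:
                break
        else:
            return False  # a Miller-Rabin witness: n is composite
    return True

def primorial_modulus(x, eps):
    """Assumption of this example: q = largest primorial with q <= x^(1-eps).
    Every candidate a + t*q with gcd(a, q) = 1 is then free of small factors."""
    limit = (1 - eps) * math.log2(x)
    q, p = 1, 2
    while math.log2(q * p) <= limit:
        q *= p
        p += 1
        while any(p % f == 0 for f in range(2, int(p ** 0.5) + 1)):
            p += 1  # advance to the next prime by trial division
    return q

@dataclass
class Run:
    prime: int
    random_bits: int  # bits spent choosing candidates (Miller-Rabin bases excluded)
    tests: int        # primality tests performed
    q: int = 0
    a: int = 0

def generate_prime_trivial(x, rng=None):
    """Trivial algorithm: test uniformly random integers below x until one is prime."""
    rng = rng or random.SystemRandom()
    bits = tests = 0
    while True:
        p = rng.randrange(x)
        bits += (x - 1).bit_length()
        tests += 1
        if is_probable_prime(p, rng):
            return Run(p, bits, tests)

def generate_prime_a_tq(x, rng=None, eps=0.25):
    """Fix q, draw uniform a < q coprime to q, then test p = a + t*q < x,
    redrawing only t (about eps*log2(x) bits) after each failure."""
    rng = rng or random.SystemRandom()
    q = primorial_modulus(x, eps)
    bits = tests = 0
    while True:  # rejection sampling for a uniform a < q with gcd(a, q) = 1
        a = rng.randrange(q)
        bits += (q - 1).bit_length()
        if math.gcd(a, q) == 1:
            break
    t_count = (x - 1 - a) // q + 1  # number of t with a + t*q < x
    while True:
        t = rng.randrange(t_count)
        bits += (t_count - 1).bit_length()
        tests += 1
        p = a + t * q
        if is_probable_prime(p, rng):
            return Run(p, bits, tests, q, a)

def compare(x, seed, runs=5):
    """Total candidate-selection bits for `runs` primes per method (seeded for reproducibility)."""
    rng = random.Random(seed)
    trivial = [generate_prime_trivial(x, rng) for _ in range(runs)]
    atq = [generate_prime_a_tq(x, rng) for _ in range(runs)]
    return sum(r.random_bits for r in trivial), sum(r.random_bits for r in atq), atq

def primeinc_output_distribution(x):
    """Exact output distribution of idealized PRIMEINC: start at a uniform s in [0, x),
    step upward until a prime is hit (restart if none below x).  Prime p is reached
    exactly from the starts in (p_prev, p], so P(p) is proportional to the gap before
    p, and primes that follow large gaps are heavily over-represented."""
    sieve = bytearray([1]) * x
    sieve[0] = sieve[1] = 0
    for i in range(2, int(x ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, x, i)))
    primes = [i for i, flag in enumerate(sieve) if flag]
    total = primes[-1] + 1  # starts 0..p_max all reach some prime below x
    dist, prev = {}, -1
    for p in primes:
        dist[p] = Fraction(p - prev, total)
        prev = p
    return dist

if __name__ == "__main__":
    trivial_bits, atq_bits, runs = compare(2 ** 128, seed=2014)
    print(f"five 128-bit primes: trivial {trivial_bits} bits, a+t*q {atq_bits} bits")
    d = primeinc_output_distribution(1000)
    print("PRIMEINC below 1000: max/min output probability =", max(d.values()) / min(d.values()))
```

With x = 2^128 and ε = 1/4 the primorial choice gives q = 73# (just under 2^96), so each failed test costs only 33 fresh bits for t instead of 128 for a new trivial candidate, and the candidates are already free of factors up to 73. The PRIMEINC model makes the bias concrete: below 1000 the prime 907 (preceded by the gap of 20 after 887) is output twenty times as often as 3.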
Keywords: Number Theory, Cryptography, Prime Number Generation
References
1. Agrawal, M., Kayal, N., Saxena, N.: PRIMES is in P. Ann. Math. 160(2), 781–793 (2004)
2. Barban, M.B.: The “large sieve” method and its application to number theory. Uspehi Mat. Nauk 21, 51–102 (1966)
3. Brandt, J., Damgård, I.: On generation of probable primes by incremental search. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 358–370. Springer, Heidelberg (1993)
4. Brandt, J., Damgård, I., Landrock, P.: Speeding up prime number generation. In: Matsumoto, T., Imai, H., Rivest, R.L. (eds.) ASIACRYPT 1991. LNCS, vol. 739, pp. 440–449. Springer, Heidelberg (1993)
5. Cramer, R., Shoup, V.: Signature schemes based on the strong RSA assumption. ACM Trans. Inf. Syst. Secur. 3(3), 161–185 (2000)
6. Davenport, H.: Multiplicative Number Theory, 2nd edn. Graduate Texts in Mathematics, vol. 74. Springer (1980)
7. Davenport, H., Halberstam, H.: Primes in arithmetic progressions. Michigan Math. J. 13, 485–489 (1966)
8. De la Vallée Poussin, C.-J.: Recherches analytiques sur la théorie des nombres premiers. Ann. Soc. Sci. Bruxelles 20, 281–397 (1896)
9. Eastlake, D., Schiller, J., Crocker, S.: Randomness Requirements for Security. RFC 4086 (Best Current Practice) (June 2005)
10. Fouque, P.-A., Tibouchi, M.: Close to uniform prime number generation with fewer random bits. arXiv.org e-Print archive (2014). Full version of this paper
11. Friedlander, J.B., Granville, A.: Limitations to the equi-distribution of primes I. Ann. Math. 129, 363–382 (1989)
12. Gallagher, P.X.: The large sieve. Mathematika 14(1), 14–20 (1967)
13. Hardy, G.H., Littlewood, J.E.: Some problems of ‘partitio numerorum’: III. On the expression of a number as a sum of primes. 44, 1–70 (1922)
14. Hardy, G.H., Wright, E.M.: An Introduction to the Theory of Numbers, 4th edn. Clarendon Press (1960)
15. Joye, M., Paillier, P.: Fast generation of prime numbers on portable devices: An update. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 160–173. Springer, Heidelberg (2006)
16. Joye, M., Paillier, P., Vaudenay, S.: Efficient generation of prime numbers. In: Koç, Ç.K., Paar, C. (eds.) CHES 2000. LNCS, vol. 1965, pp. 340–354. Springer, Heidelberg (2000)
17. Maurer, U.M.: Fast generation of secure RSA-moduli with almost maximal diversity. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 636–647. Springer, Heidelberg (1990)
18. Maurer, U.M.: Fast generation of prime numbers and secure public-key cryptographic parameters. J. Cryptology 8(3), 123–155 (1995)
19. Mihăilescu, P.: Fast generation of provable primes using search in arithmetic progressions. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 282–293. Springer, Heidelberg (1994)
20. Mihăilescu, P.: Security of biased sources for cryptographic keys. In: Cryptography and Computational Number Theory (Singapore, 1999). Progr. Comput. Sci. Appl. Logic, vol. 20, pp. 287–302. Birkhäuser, Basel (2001)
21. Montgomery, H.L.: Topics in Multiplicative Number Theory. Lecture Notes in Mathematics, vol. 227. Springer (1971)
22. Montgomery, H.L.: Problems concerning prime numbers. Proc. Symp. Pure Math. 28, 307–310 (1976)
23. Rabin, M.: Probabilistic algorithms for testing primality. 12, 128–138 (1980)
24. Shoup, V.: A Computational Introduction to Number Theory and Algebra (Version 2). Cambridge University Press (2008)
25. Turán, P.: Über die Primzahlen der arithmetischen Progression. Acta Sci. Math. Szeged 8(4), 226–235 (1936)
26. Walfisz, A.: Zur additiven Zahlentheorie II. Mathematische Zeitschrift 40(1), 592–607 (1936)